Commit graph

161 commits

Author SHA1 Message Date
mmuller
5614760d53 Implement login/logout commands
Refactor the auth code into its own dagger module, add tests and use the new interfaces to implement the login and logout commands.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149108266
2017-03-07 13:45:11 -05:00
Ben McIlwain
fa5607c3e1 Use Immutable types for static final fields
For constant field declarations, you should use the immutable type (such as ImmutableList) instead of the general collection interface type (such as List). This communicates to your callers important semantic guarantees ([]

This change replaces constants (static final CONSTANT_CASE) declaration type which use the general collection interface (e.g. List) with an immutable type (e.g. ImmutableList).

For more info, see: []

Cleanup change automatically generated by javacflume/refactory
Refactoring: //third_party/java_src/error_prone/project/core/src/main/java/com/google/errorprone/bugpatterns:MutableConstantField_refactoring
Tested:
    TAP --sample for global presubmit queue
    []

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149010021
2017-03-07 13:34:48 -05:00
nickfelt
2e969d6ed1 Change XsrfTokenManager to support new HMAC token format
This follows up on Brian's work to transition not just to a new format
with an empty scope value, but instead to replace the existing format
entirely with a new one that:

  1) includes a version number to support future format migrations
  2) doesn't include a field for the scope at all, since scoping the
     tokens adds no real security benefit and just makes verification
     more difficult
  3) replaces the raw SHA-256 hash with a SHA-256 HMAC instead, as a
     best practice to avoid length-extension attacks [1], even though
     in our particular case they would only be able to extend the
     timestamp and would thus be relatively innocuous

The new format will be produced by calling generateToken(), and the
scope-accepting version is renamed to generateLegacyToken() in addition
to its existing deprecation, for maximum clarity.

I changed the validateToken() logic to stop accepting a scope entirely;
when validating a legacy-style token, we'll test it against the two
existing legacy scope values ("admin" and "console") and accept it if
it matches either one.

Note that this means the xsrfScope parameter in @Action is now wholly
obsolete; I'll remove it in a follow-up to avoid bringing extra files
into this CL.

After this CL hits production, the next one will replace all calls to
generateLegacyToken() with generateToken().  Once that CL is deployed,
the last step will be removing the legacy fallback in validateToken().

[1] See https://en.wikipedia.org/wiki/Length_extension_attack

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148936805
2017-03-07 13:31:46 -05:00
ctingue
a5932c0fc3 Drop FixDomainNameserverKeysCommand
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148688861
2017-03-07 13:16:34 -05:00
ctingue
023a76349e Add ROID flag in FixDomainNameserverKeysCommand
There's a deleted domain with bad host resource keys. Since FKIs won't help us here, load a domain directly by key (i.e. by ROID) if we so choose.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148685240
2017-03-07 13:15:06 -05:00
nickfelt
5a00317dcc Exclude SYNTHETIC flag from BillingData BigQuery view
The BillingData view is intended to be the stable, clean source of data for the invoicing pipeline and detail report output.  As such, cutting over to the synthetically created OneTimes is an implementation detail and shouldn't be visible in the output (esp. since that goes straight to the detail reports that registrars receive, and it'd probably just be confusing for them).  I think it's fair to generically exclude the SYNTHETIC flag from showing up here - it will still be in BigQuery on the individual OneTimes if we want to look for it.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148682719
2017-03-07 13:13:37 -05:00
mcilwain
ea4e471c04 Move premium list static helper methods into their own class
It was kind of messy having all of that logic living alongside the
entities themselves.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148498024
2017-02-27 11:30:45 -05:00
mcilwain
3ca9bb6aeb Read from bloom filter for premium pricing checks
This also cleans up the PremiumList API so that it only has one
method for checking premium prices, which is by TLD, rather than two.

I will be refactoring a lot of the static methods currently residing in
the PremiumList class into a separate utils class, but I don't want to
include too many changes in this one CL.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148475345
2017-02-27 11:22:21 -05:00
nickfelt
16832323d0 Make ListObjectsAction return 200 when sending JSON error
This fixes a bug in the interaction between ListObjectsAction and ListObjectsCommand/AppEngineConnection.  ListObjectsAction was returning HTTP status code 400 when it caught an IAE, but also attempting to return a JSON response payload of {"status": "error", "error": "<exception message>"}.  However, AppEngineConnection treats any HTTP error response as more like a crash on the server side - it attempts to scrape the error message out of the autogenerated HTML that AppEngine produces for uncaught exceptions, and throws an exception, killing ListObjectsCommand before it can extract the JSON which contains the nicer error (that stating the missing field, etc versus just "400 Bad Request").

The fix is just to have ListObjectsAction return a 200 and the error message so that ListObjectsCommand can correctly handle it.

I also de-scoped the catch to only catching IAE, since catching Exception was overbroad, and the only "expected" exception to be thrown is an IAE from the checkArgument() that tests if the requested fields all exist.  Any other kinds of exceptions should actually just bubble up and kill the action, and get the regular AppEngineConnection error treatment.

I also added "billingId" as an alias for "billingIdentifier", parallel to clientId/clientIdentifier, since that's why I came across this issue in the first place.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148248834
2017-02-27 11:10:37 -05:00
mmuller
acc7d19106 Put the path to client_secrets in a config option.
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148214513
2017-02-22 11:49:03 -05:00
mmuller
68bac57da5 Store credentials under scope-qualified name
Store the auth credentials under a name qualified by the set of OAuth scopes
as well as the client id.  This is implemented as the base64 encoded SHA1 hash
of the concatenation of client id and sorted auth scopes.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148127911
2017-02-22 11:47:37 -05:00
ctingue
b3b4bba9aa Align parameter formats for zone data commands
Seems silly that one command uses --tlds for the required parameter, while the other one doesn't.

As part of this change, create a DateParameter for commands that require only a date (i.e. a DateTime parameter restricted to midnight UTC).

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148106721
2017-02-22 11:46:07 -05:00
mountford
0417f3d3a1 Daggerize XsrfTokenManager
The one-day validity period is also moved from the caller into XsrfTokenManager.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147857716
2017-02-22 11:43:10 -05:00
ctingue
4a92d97a70 Filter domains w/disallowed statuses from zone file generation MR
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147839827
2017-02-17 12:26:29 -05:00
mmuller
177bf4a5f1 Add Client-side OAuth2 to HTTP connections
Implement client-side OAuth in non-local HTTP connections.  Also add tests to
verify that the different modes of connection are set up correctly.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147636222
2017-02-17 12:17:53 -05:00
mcilwain
32b236e940 Delete the unsafe DeleteEppResourceCommand
It was somewhat unsafe to run because it bypassed some of the checks
that are usually run when attempting to delete EPP resources. The
DeleteDomainCommand is a recommended replacement that uses SOY templates
to delete a domain using EPP. Similar commands to delete hosts and
contacts can be written if required.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147634146
2017-02-17 12:16:27 -05:00
mcilwain
cdadb54acd Refer to Datastore everywhere correctly by its capitalized form
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147479683
2017-02-17 12:12:12 -05:00
ctingue
e0cb4e465c Fix resource mismatch problem in FixDomainNameserverKeysCommand
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147476075
2017-02-14 12:16:55 -05:00
ctingue
07625ce81b Add history entry to FixDomainNameserverKeysCommand
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147468517
2017-02-14 12:15:29 -05:00
ctingue
335b3f0cf8 Scrap tool to fix DomainResource keys to deleted nameservers
There are about 25 active domains that have keys that point to deleted nameservers. In all cases, there are active nameservers with the same FQDN that these domains should be pointing to. Given the domains in question (pulled via BigQuery, see the bug), update the domain with the correct keys whenever a deleted host is found.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147346660
2017-02-14 12:08:16 -05:00
ctingue
3ec6c7d346 Fix a few typos
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147187320
2017-02-14 12:06:47 -05:00
ctingue
cb215adac3 Cut over to synthetic OneTime billing events
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147048115
2017-02-09 14:24:42 -05:00
mcilwain
ec55aa5361 Resolve some Guava 20 TODOs (mostly unnecessary asList() calls)
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=146799536
2017-02-07 13:27:40 -05:00
nickfelt
2a32f9048e Fix CommandUtilities to fail gracefully if stdin is unavailable
Right now, it just NPEs, which is harder to debug.  Also make it handle end-of-input more cleanly by assuming that means a negative response.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=146674937
2017-02-06 16:45:23 -05:00
cgoldfeder
468f1fb0f8 Fix two Guava 20 deprecations across the tools package
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=146162927
2017-02-02 16:54:28 -05:00
mmuller
ecbe2662ac Convert request factory components into a module
Move all of the code to create the request factories into
RequestFactoryModule.  Also add the --force_http_connection flag to allow us
to force the use of HTTP connections instead of HTTPOverRPC for our internal
connections.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=146116640
2017-02-02 16:35:36 -05:00
mmuller
b70f57b7c7 Update copyright year on all license headers
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=146111211
2017-02-02 16:27:22 -05:00
mcilwain
f647ea1190 Move registry policy settings and some others into YAML config
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145571850
2017-01-30 15:03:53 -05:00
Justin Graham
bb3a0c78c5 Add framework for customizable WHOIS commands
With some additional changes by Ben McIlwain.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145447136
2017-01-25 12:25:49 -05:00
Ben McIlwain
d16971c34f Migrate away from deprecated Executor method
Among the Futures methods that run user callbacks, those that don't take
an Executor will be deleted.  This CL migrates them to the counterparts
that take MoreExecutors.directExecutor() as such Executor in the
parameter list, exactly the way that the old method works.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145358533
2017-01-25 12:21:13 -05:00
nickfelt
be4c62ccf1 Make BigqueryCommand use application default creds
This fixes a long-standing bug b/26016322 to move BigqueryCommand off of using a service account to access the Bigquery API.  It's now using Application Default Credentials, which can be easily auto-installed on a machine by running 'gcloud auth application-default login' and clicking through the OAuth consent screen.

The old method was a pain because:

1) individual users of the tool each needed to know to download and store a private key for the service account, and specify the key file via a CLI flag
2) BigQuery actions taken via the tool (e.g. load or query jobs) were listed as belonging to the service account, making them harder to find in the UI or for debugging, and difficult to audit (no idea which engineer invoked the tool)
3) within Google, this meant extra whitelisting headaches

The new method also isn't perfect because Application Default Credentials obtained via gcloud are supposed to be used primarily for local testing, and don't support setting any custom scopes.  However, we don't need custom scopes for this, and the smoother flow is worth it.

In the longer term, once the CLI is using OAuth to talk to the app itself, we'll be able to switch to the "best practice" option of also using those credentials for talking to the BigQuery API.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=145120770
2017-01-25 12:21:07 -05:00
ctingue
0c2b1d1b32 Filter synthetic OneTimes from billing SQL
Fix [] this filter was in the incorrect place.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144875580
2017-01-25 10:46:09 -05:00
mcilwain
8b61dcc6d0 Remove RoidSuffixes entirely
We no longer care about ROID suffix uniqueness in a post-Registry-2.0-migration
world, and the Registry cache is sufficient for efficiently grabbing the ROID
suffix for TLDs.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144483726
2017-01-18 11:08:21 -05:00
ctingue
07010150b0 Remove PurgeSyntheticBillingEventsAction
Effectively a revert of [] now that synthetic billing events have been verified in production.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144473744
2017-01-18 11:06:44 -05:00
ctingue
3ee98988c5 Add TODOs in SQL files for recurring billing expansion
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=144133707
2017-01-12 14:05:57 -05:00
ctingue
bca2169c68 Add global cursor functionality to UpdateCursorsCommand
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143965268
2017-01-09 12:15:51 -05:00
mcilwain
eaec03e670 Move ConfigModule and LocalTestConfig into RegistryConfig
This is the final preparatory step necessary in order to load and load
configuration from YAML in a static context and then provide it either via
Dagger (using ConfigModule) or through RegistryConfig's existing static
functions.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143819983
2017-01-09 12:01:09 -05:00
mcilwain
d3397e991e Remove the old RegistryConfig paradigm entirely
We are now ready to begin configuration using YAML, mediated by ConfigModule.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143818507
2017-01-09 12:01:09 -05:00
mcilwain
c05424b947 Daggerize TMCH/signed mark util classes
This allows them to support injectable configuration.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143709052
2017-01-09 11:59:04 -05:00
ctingue
a2bc05d1cd Add scrap [] to purge synthetic OneTimes
This is temporary until we verify that recurring billing event expansion is working as expected. I want to have this available in case things go south, though in a perfect world, we won't need this.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143693458
2017-01-09 11:59:04 -05:00
mmuller
270734fd9b Convert AppEngineConnection to use HttpTransport
Make AppEngineConnection use HttpTransport through HttpRequestFactory and
create factory factories for localhost and HTTPOverRPC.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143680257
2017-01-09 11:59:04 -05:00
mcilwain
8252e97dfb Break domain flow TMCH helper methods into separate injected class
This is a necessary prerequisite to subsequently injecting the configuration
dependencies.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143567753
2017-01-09 11:59:04 -05:00
jart
734130aa73 Restructure Maven dependencies in build
We're now using java_import_external instead of maven_jar. This allows
us to specify the relationships between jars, thereby allowing us to
eliminate scores of vendor BUILD files that did nothing but re-export
@foo//jar targets, thus addressing the concerns of djhworld on Hacker
News: https://news.ycombinator.com/item?id=12738072

We now have redundant failover mirrors, which is a feature I added to
Bazel 0.4.2 in ed7ced0018

A new standard naming convention is now being used for all Maven repos.
Those names are calculated from the group_artifact name using the
following algorithm that eliminates redundancy:
https://gist.github.com/jart/41bfd977b913c2301627162f1c038e55

The JSR330 dep has been removed from java targets if they also depend
on Dagger, since Dagger always exports JSR330.

Annotation processor dependencies should now be leaner and meaner, by
more appropriately managing what needs to be on the classpath at
runtime. This should trim down the production jar by >1MB. As it stands
currently in the open source world:

- backend_jar_deploy.jar: 50MB
- frontend_jar_deploy.jar: 30MB
- tools_jar_deploy.jar: 45MB

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143487929
2017-01-09 11:59:04 -05:00
ctingue
1c927a48e9 Filter synthetic OneTimes from billing SQL
I intend to configure ExpandRecurringBillingEventsAction in production in the near future, but until I verify that there's a 1:1 match between OneTimes expanded via SQL and OneTimes expanded via MR, filter the MR-synthetic OneTimes from the billing data view SQL.

I confirmed that this is the only script that consumes data from OneTime.

(Note that the best way would be to check for the SYNTHETIC flag, but syntheticCreationTime has a value iff the flag exists, and parsing the flags field is a relative pain in the neck compared to checking for null -- this is temporary.)

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=143108200
2017-01-09 11:59:04 -05:00
mcilwain
28f6c770c8 Add MOE equivalence for sync on 2016-12-19
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=142449539
2017-01-09 11:59:04 -05:00
dxy
11584c31d8 -------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=140986569
2016-12-06 11:52:46 -05:00
mountford
7cf29366bc Add scrap tool to remove transfer data
We have wound up with a few domains with invalid transfer data; the transfer status is SERVER_CANCELLED, but the other data is missing. This tool should set the transfer data for the specified domain back to null in the database.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=140883792
2016-12-06 11:52:46 -05:00
mcilwain
5f32d1bbeb Correctly set HTTP error status codes when list objects fails
This makes the associated nomulus tool commands correctly return error
exit codes when the server-side component fails. This improves
scriptability.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=140543216
2016-12-06 11:52:46 -05:00
lukes
8a8276e838 Remove html ambiguity from soy templates.
Soy is gaining support for parsing/validating html structure and as such a number of patterns will start getting rejected by the parser.  This change fixes newly errant soy templates by:

* transforming '<' characters that are not part of html tags to '&lt;'
* inserting whitespace following tag names so that they are unambiguous
* changing templates not rendering html to kind="text" so html rules don't apply
* fixing control flow such that all tags (and quoted attribute values) are completely defined within a single control flow block.  In some cases this required extracting {let..} vars or whole templates and in others it required duplicating conditions.
* removing stray unmatched quote characters in html tags.
* fixing incorrectly written html comments

LSC: https://docs.google.com/document/d/18MLrX8kUVzYGe1dBaSfh1kcQ_1UB02QHOk4KZtvHkIc/edit#

Tested:
    $ blaze test //third_party/java_src/gtld/java/google/registry/flows:all //third_party/java_src/gtld/java/google/registry/tools/soy:all

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=140475284
2016-12-06 11:52:46 -05:00
mcilwain
2b7d580bb3 Run buildifier on codebase to format BUILD files
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=140362453
2016-11-28 18:15:21 -05:00